Archive for June, 2011

Last week, Mozilla programmers and executives were jubilant when the release of Firefox 5 marked the successful transition to a more competitive rapid-release development cycle.

Now, with a backlash from corporations and others who aren’t equipped to handle that pace of change, things aren’t quite so sunny. The organization and its community of supporters have begun some soul-searching about how to reconcile the conflicting priorities–developing software quickly but not leaving users behind.

Mozilla has concluded that Firefox isn’t for corporations whose Web use doesn’t move at the speed of today’s Web, though. That decision frees Mozilla from catering to that audience, but it also means that audience is more likely to choose a rival browser–Microsoft’s Internet Explorer being the most obvious candidate.

The tension mirrors one in standardization circles between two groups overseeing Hypertext Markup Language, the programming language better known as HTML that’s used to describe Web pages. One group, the Web Hypertext Applications Technology Working Group (WHATWG), has moved to a “living” document whose HTML specification continually evolves. The other, the World Wide Web Consortium (W3C), standardizes a snapshot of this specification through a process that moves at a much more stately pace for those whose products and certifications also do: its HTML5 standard isn’t due to be officially complete until 2014.

It began with a simple question from a Firefox 3.6 user who wants to keep that version as long as possible. The intensity picked up with two quotations on the blog of Mike Kaply, a consultant who specializes in browser matters:

I have 500,000 corporate users on Firefox 3.6. We just completing a test cycle of Firefox 4 on many thousands of internal business web applications. Many hundreds of application owners and their test teams have participated. We gave them several months to ready themselves. We worked with dozens of internal Add-On developers and product teams to prepare their add-ons for Firefox 4. We’re poised to deploy Firefox 4.01 in 3Q when the corporate change freeze lifts…The Firefox 4 EOL [end of life schedule] is a kick in the stomach. I’m now in the terrible position of choosing to deploy a Firefox 4 release with potentially unpatched vulnerabilities, reset the test cycle for thousands of internal apps to validate Firefox 5 or stay on a patched Firefox 3.6.x. By the time I validate Firefox 5, what guarantee would I have that Firefox 5 won’t go EOL when Firefox 6 is released?

“We recognize that this shift may not be compatible with a large organization’s IT policy and understand that it is challenging to organizations that have effort-intensive certification polices. However, our development process is geared toward delivering products that support the Web as it is today, while innovating and building future Web capabilities,” said Kev Needham, channel manager at Mozilla, in a statement. “Tying Firefox product development to an organizational process we do not control would make it difficult for us to continue to innovate for our users and the betterment of the Web.”

And Firefox, fundamentally, is aimed at individuals, not corporations, Needham said.

With the rapid-release cycle, Firefox versions reach their end of life soon. “As part of the faster cadence, FF5.0 automatically EOL’s when FF6.0 is released with users getting silent updates,” the rapid-release documentation states. Firefox 4 uses the earlier policy, which offers support for up to six months after a major successor is released. New versions of Firefox initially were set to arrive every three months, but now they’re set to arrive sooner on a six-week schedule that should produce Firefox 6 on August 16 and Firefox 7 on Sept. 27. Version numbers no longer are promoted.

So how did we get here?

The rapid-release arrival
The rapid-release cycle, in which Firefox issues four new versions a year, is intended to bring new features to people sooner. That could be better performance, new Web programming technologies, or user interface improvements.

With the older style, a version number change was a rare event that signified major change. As a result, releases often were pushed back by months as programmers worked to include and debug their new features. With the rapid-release approach, new versions of Firefox ship quarterly with whatever new features are done. The consequences to missing the release train are lower, since another train will come around again soon.

“By releasing small, focused updates more often, we are able to deliver improved security and stability even as we introduce new features, which is better for our users, and for the Web,” Needham said.

The idea is based on how Google develops Chrome, a browser that in less than three years has won over one out of every eight people on the Web. Last year, Chrome switched from quarterly releases to an even faster six-week schedule.

Chrome has proven successful, and it’s no wonder Mozilla is paying attention. Chrome’s growth took off just as Mozilla’s share of browser usage peaked at just shy of one in four users. Although the two projects compete, they share some goals–making the Web a more powerful platform for software, for example–and Chrome engineers directly briefed Mozilla on how to quicken the pace.

But Chrome and Mozilla have one very big difference. From the outset, Chrome has automatically, silently updated itself when new versions arrive. Chrome users have no idea what version they’re using unless they explicitly check. Chrome version numbers increment rapidly–the stable version is Chrome 12, the beta version is Chrome 13, and the edgier developer version is Chrome 14. Those numbers are mere labels to keep track of branches on a tree, though.

In contrast, Mozilla is retrofitting the rapid-release schedule to a user base that’s not not used to it.

Updating extensions
One of Firefox’s biggest assets has been its ability to run extensions that could customize what the browser could do with a programming foundation called XUL. But when it comes to change, extensions have a downside: new versions of Firefox can break compatibility.

Firefox 5 comes with a new extensions framework code-named Jetpack but officially named the Add-on SDK. This new mechanism, similar to the extensions systems of Chrome and now Safari and Opera, lets programmers write their add-ons with Web technologies such as HTML and JavaScript. Mozilla says the interfaces will be stable, greatly easing the compatibility problem, and an online tool in beta testing called the Add-on Builder is available to for coders to create the new extensions.

“You can do nearly everything with an Add-on SDK and Add-on Builder based add-on that you can do with a XUL-based add-on,” said Justin Scott, Mozilla’s add-ons product manager.

Unfortunately, though, rewriting extensions is work for anyone relying on them.

“After shipping version 1.0 of the Add-on SDK and the Add-on Builder Beta, one of our top priorities is to help developers migrate from XUL-based add-ons to Builder/SDK based add-ons, so implementing advanced add-ons will become much easier,” Scott said.

The debate
The mailing-list discussion has captured some of the back-and-forth.

Jean-Marc Desperrier suggested Mozilla release Firefox the way Ubuntu releases its long-term support (LTS) versions of Linux: A version comes out every two years for customers that need stability not provided by the other twice-yearly releases.

“Normal users get updated to each new release, but people who need the stability and don’t care about frequent functionality update can stay on the LTS release for a whole year,” Desperrier said.

Mozilla’s Asa Dotzler countered that such a move would be expensive, though, and added, “Corporate deployments have never been a Firefox focus. Mike Beltzner, the former director of Firefox who’s still an active member of the Mozilla community, concurred.

“While I agree that longer intervals would be better for corporate deployments and embedders [who build a browser into a product], I’m not at all certain it’s the best thing for the Web or for Mozilla,” Beltzner said. “My instinct is to let corporate deployers catch up to a faster…We don’t have the resources–as a community–to focus on their problems and on moving the Web forward.

It’s no surprise to see a different view at Microsoft, much of whose revenue comes from corporate customers. “We’ve got a great solution for corporate customers with both IE8 and IE9,” said IE team member Ari Bixhorn in a blog post, offering these points:

1. Enterprises have always been, and will always be, an important focus of ours.

2 For corporate customers, we’ll support each version of Internet Explorer as long as the latest version of Windows that it runs on is supported. For example, Windows 7 Enterprise is supported through January 2020. Internet Explorer 9 will therefore also be supported through January 2020.

The rapid-release issue is complicated for slower-moving organizations by the fact that security risks of using a browser show no signs of abating. Sticking with an older and unsupported browser exposes browser users to malware on the Web.

Dotzler, in comments that mirror Google’s Chrome philosophy, made the argument that software running on a person’s computer is similar to the software people use as Web service. In the latter case, site operators frequently update their sites with no notice at all to those who use them.

“No one is complaining these days about Google Chrome 14, and not a soul I know (and I know a lot of sophisticated computer users) even knows what version of twitter.com or gmail.com they’re using,” Dotzler said.

Fundamentally, the conflict boils down to one often called the “consumerization of IT.” People increasingly expect their company computing equipment to behave like that they buy themselves. They want to recieve company e-mail alerts on their smartphones, to use the company’s intranet site with their iPad, and to be able to check their Web-based e-mail from any browser.

Ultimately, though, IT departments may just not be able to deliver all that, as the persistent use of decade-old IE6 shows. So don’t be surprised to see a wider gulf forming between the fast movers of the Web world and those who can’t keep up.

PRAGUE–Avast isn’t content with merely 130 million active Windows users. In addition to expanding its security offerings for the PC, the company plans to move at least some of its threat definitions to the cloud, while introducing a personal VPN and debuting an Android app with some features only for rooted phones.

Avast debuted its AutoSandbox earlier this year in both its free and paid versions. For 2012, the company is looking towards cloud-based detections.

(Credit:
Screenshot by Seth Rosenblatt/CNET)

Avast Chief Technical Officer Ondrej Vlcek spoke to CNET during a recent tour of the company’s virus lab about what the company had planned. Vlcek, who has been with Avast for 16 years and wrote the company’s first Windows product, said that Avast looks to leverage its community data to develop better software for businesses as well as attract even more home consumers. “In the next few months, we’ll be coming out with some extra products not included in the suite, such as online backup, password management, and identity protection,” Vlcek said.

Given Android’s skyrocketing marketshare, it’s not surprising that Avast is working on an Android security app, too. What’s interesting is that Avast is aiming specifically for users who have rooted their phones. “Rooted phones are more prone to certain kinds of attacks,” said Vlcek, “because they are more able to run a wider range of programs. We consider people with rooted phones higher-risk users, and so they need more security. Fifteen [percent] to 20 percent of Android phones are rooted, including the Nexus which comes rooted.”

He wouldn’t reveal what the root-specific features Avast is considering are, but he did mention the app’s basics. These included the company’s antivirus engine, anti-theft and phone tracking, a contacts filter, and parental locks. A backup feature has yet to be settled on, he said, “because there’s a big difference between a contacts list backup and backing up media files and apps.” The company is also considering tying its WebRep engine for search result ratings and verification to the Android app. Vlcek wouldn’t commit to a specific month for release, either, only saying that it would arrive sometime in the fourth quarter and be completely free.

The most unusual feature that Avast will soon offer, however, is a personal VPN for both desktops and mobile. “It’s a bit risky for us because we don’t know how heavily people will be using it,” Vlcek said. “But because of the insecurity of open, public Wi-Fi, where somebody can copy your session cookie and log on, we had to make people safer.” The VPN solution will create a secure tunnel through which people can send data without fear of being tracked by an ISP or government, or having their computer or phone hacked.

“The Digital Millennium Act mandates ISPs to keep logs of everything for some time, and some people are not comfortable with that. We encrypt everything that goes through the ISP and then it’s unencrypted after it passes through,” he said. The VPN will support multiple secure protocols, including PPPT, OpenVPN, SSL, and L2TP. A new companion VPN client for desktops and smartphones will help users configure the VPN, Vlcek said, and there won’t be any bandwidth limitations.

He also noted, with a smile, that it will also allow country IP address spoofing to one of 17 countries in North America, Europe, or Asia. Vlcek wasn’t concerned about how useful it would be to people living in countries with restrictive Internet policies. “The Chinese officials won’t try to block it because they know that business people need it for travel,” he said.

He wouldn’t make the timeline for release of the VPN public, but Vlcek did say that it would be a paid product “with yearly and monthly plans, in the ballpark of $50 year.” Avast Chief Executive Officer Vince Steckler said the company plans to start with the long-duration subscriptions but wants to move into micropayments so people can use the VPN on a per-session basis.

CTO for Avast, Ondrej Vlcek. "With our user base we have the potential to have a much stronger cloud than anybody else."

(Credit:
Seth Rosenblatt/CNET)

Vlcek went on to talk about what’s coming in the 2012 Avast suite, due next February. Avast will be moving at least some of its threat definitions to the cloud, following many of its competitors such as Symantec, Trend Micro, Microsoft, and Panda. Vlcek said that Avast’s cloud-based detection will be better because of the number of active Avast users, which is more than 130 million people. “With our user base, we have the potential to have a much stronger cloud than anybody else.”

Additionally, Avast is looking at running your browser in its auto-sandbox by default. “Since just after the release of version 5, we haven’t seen anything bypass the sandbox,” Vlcek said.

Speaking of older versions of Avast, Vlcek also revealed some interesting numbers about which versions of the program people are using. It turns out, Internet Explorer and Firefox aren’t the only programs struggling with version creep. About 60 percent of the active user base is on version 6, the current version, he said, but there are still about 15 percent of active users on version 4. “These are mainly people running a cracked, pirated license. We actually converted about 1 million users to version 6 free by circulating a ‘license key’ and passively upgrading them,” Vlcek said.

Avast has plans to compete with more feature-heavy paid security suites, too. Users will soon be able to get online backup and password management solutions from Avast. The company has licensed Mozy to provide an Avast-branded online backup option, said Vlcek, with “no real changes” to Mozy’s license or fees.

Roboform will provide Avast’s password management tool, for about $10 a year. “We didn’t use LastPass because they weren’t very flexible about third parties,” said Vlcek. “The goal is to provide a low-cost password manager that we think our free users will enjoy.”

Vlcek said both the password manager and the online backup solutions will be available around before the end of the summer.

Avast's virus lab remains undecorated, yet nevertheless is the heart of the company.

(Credit:
Seth Rosenblatt/CNET)

Seemingly random names are embossed on the interior glass walls of the Avast offices and conference rooms in its Prague headquarters, and the June morning light shines illuminates them from behind. Written in black, these names and the orange-colored names of cities below them are in fact the forum nicknames of the people who use Avast and the cities they originate from. It appears there are Avast users on every continent on Earth, and that, said the company’s CEO Vincent Steckler, is by design.

“Two-thirds of new users come from personal recommendations,” he said. “Trying to get 35 million users from direct marketing is nearly impossible, so we have to rely on the community.” Originally from the United States but living in Prague since he took over as Avast’s chief officer in July 2009, Steckler is a numbers man. He touts the raw numbers of Avast’s achievements with a pride that most parents reserve for a straight-A report card from their kids.

He gleefully told CNET that Avast can boast 29 countries with at least 1 million active users each. He pointed to Brazil having just passed France as the country with the most Avast active users, both with 12 percent. The United States is in third with 8 percent, but that Americans lead with the most Avast paid-upgrade installs. Five percent of its actives are in Russia, which Steckler said puts the country fourth on Avast’s list and gives the company more active users there than the Moscow-based Kaspersky.

“We have about 1 million users per employee,” Steckler noted. Avast’s Brand Manager Miroslav Jirku quipped. “This is the first marketing job in my career that I don’t have a marketing budget.”

A former senior vice president of sales for Symantec, the makers of Norton, Steckler said that Avast has about 20 million more active users than its nearest competitor, AVG, because “there is no difference in malware protection between free and paid.”

How Avast builds protection

More so than any third-party efficacy test, Avast relies on its reputation with users to fuel its growth. On CNET’s Download.com, the free version of Avast is the only program with a 4.5-star rating from readers with more than 10,000 votes. Jindrich Kubec, Avast’s director of antivirus research, said that to keep individuals safe Avast must deal with the same problem that all antivirus vendors struggle with. “The one single biggest challenge is the number of samples every day. This is the biggest challenge for everyone in the industry.”

Also like its competitors, Avast’s detection starts with gathering threat samples. Kubec said that the company sees about 50,000 to 60,000 new virus samples per day, while Steckler added that about 15,000 of those are actually unique. The difference is that the former number is the raw raw number of virus threats detected, while the later is the number of polymorphic virus families. As the name implies, these virus families behave or look similar with only slight variations, so they are considered of the same group.

Kubec also pointed out that the “bad guys” are extremely responsive. “They have very fast reactions. It takes about three hours after a threat has been stopped for the virus maker to put out a new one,” which he clarified to mean a new variant.

Avast has built about 5 million “honeypots” around the Web for picking up on threats early, and it also relies heavily on its CommunityIQ database, said Kubec. “We see hundreds of gigabytes per week in our own feeds, so we have lots of metadata and heuristics over the metadata. We have the automated way of detecting something, and we have the manual power to decide quickly,” he explained in English, which is not his first language.

The honeypot attracts threats and stops them before they reach people. For example, Kubec, said, “we know that some domains are really bad, [they’re] just for malware. So we have some honeypots that know the binary from that domain, and then it gets killed.” He cited the CZ.CC, CO.BE, and VB.CC domains, as well as old Soviet domains .SU as notoriously sources of malware.

Most if not all major consumer security vendors manage a database like Avast’s CommunityIQ, which gets its anonymously contributed security data from its users. Within the program itself, CommunityIQ uses automated processes to gather its data, mostly from the program’s behavior shield and anti-rootkit modules. “Rootkits are considered the most dangerous kinds of malware and the most difficult to remove,” said Ondrej Vlcek, Avast’s chief technical officer. “So we struck a deal with the maker of the popular GMER to integrate it into Avast. We’ve developed it further,” to both integrate it and make it more powerful at rootkit detection, he said.

Avast CEO Vincent Steckler. ""It's not just the community, it's the influencers with the community," he said. "If they see that you're annoying their mother or their friends, they're going to stop recommending you."

(Credit:
Seth Rosenblatt/CNET)

The data that CommunityIQ gathers includes “safe” programs as well as malicious ones, Kubec said, and provides Avast with a broad base of data in exchange for securing your computer. While the “Little Brother” implications may worry some, it’s clearly a trade people are willing to make. “About 60 [percent] to 80 percent [of active users] opt in to the community reporting, said Steckler, who added that CommunityIQ is an opt-out choice when you install Avast. That means that during the install, users must actively choose to remove themselves from CommunityIQ, although doing so does not decrease the level of protection that Avast provides.

Pre-processing helps Kubec’s team manage the virus samples that come in. By the time that one of his analysts starts working on a sample, he said, they already know its filename and metadata. Not unlike competitor AVG, Avast’s virus lab runs the sample in a virtual machine through the company’s proprietary tools to get a graphical layout and entropy map of the file. From there, “we search for something rare in files,” said Michal Trs, a senior virus analyst at Avast.

One of 30 analysts the company employs, all based from their Prague office, he explained his comment further by saying that he and his colleagues look for code in a file that shouldn’t be there, like an executable command hidden in an image file. “It’s not perfect, but it does look for the file signature for metamorphic viruses and polymorphic viruses. We know that our tool is a program that the virus is not prepared for.”

After generating the entropy map and determining that a file is indeed a threat, the analyst generates a checksum for it and pushes the update to Avast’s users. A checksum is a fixed number generated by a tool that essentially “fingerprints” the file. If the data inside the file changes, whether by a virus or by authorized means, the checksum changes. Similar to how the police might compare fingerprints, the checksum has proven to be an effective tool for verifying a file’s contents.

The last step, Vlcek added, is making sure the new rule is risk-free. “Before we push a rule out we test it so it doesn’t hurt the user. We have seen few complaints,” he commented.

The changing threatscape

Defining what constitutes a threat to a person’s computer security may appear on its face to be an easy task. Perhaps it once was. Today, however, Kubec said we face a much more challenging task in figuring out what is a threat that a traditional antivirus company ought to handle. “The border of where we should interfere is very difficult, some users want more security. Some want less. It’s harder to define what is a virus,” he said.

The bad guys, he continued, can simply buy their way into being bad guys. “They can buy server hosting, exploit kits, hire interface designers, hire accountants…I believe that the number of people writing the malware is very low, but the number of clients buying it is very high.”

Worse than that, he added, are the way that social engineering is driving creativity in newer threats. “There was a very strange kind of fraud in Slovakia, where [the people committing the fraud] were getting people to register a user name on what looked like a normal site. So you tick [the box] that you accept, and then in the TOS, in the small print it said you owe them $90 per year,” he said. “They were not charging you for the software, they’re charging you for the link to the software.”

Jindrich Kubec, Avast's Director of Antivirus Research: "The bad guys are adopting new techniques like caching servers, and they are downloading the malware constantly so it looks it's a new version–but it's really nearly the same."

(Credit:
Seth Rosenblatt/CNET)

But, Kubec says, the burden of protection should not rely on the Internet service provider. “ISPs should not alter your results, they should just deliver the data. That’s what they’re paid for.” And search engines, like Google, he said are “good” but “too slow.”

“When you see a Web-based infection, it’s a chain. So should Google block the original site that has a bad iFrame on a good site? I don’t know,” he said, shaking his head. Kubec laid a lot of the blame on unscrupulous ad agencies that he says don’t care where the ads come from, even though they are being used to deliver malware and exploit people’s computers.

Vlcek explained how that works. “The JavaScript doesn’t usually contain the malicious payload. Instead, it scans the computer for vulnerabilities. It looks at Java, PDFs, Flash, and it only takes one to infect the computer.”

Kubec also said that, at least in Europe, people have been getting malware just from listening to music. “You can run a stand-alone music application, which displays an ad. If it hits a Java exploit, you get infected.” He also criticized the blogging tool WordPress for its shared theme plug-ins, because they’re often written with backdoors installed, creating yet another vector by which hackers can access your Web site.

Whatever the nature of the threat, the bottom line for Steckler is reduced to Avast’s reputation. “It’s not just the community, it’s the influencers with the community,” he said. “If they see that you’re annoying their mother or their friends, they’re going to stop recommending you. If we’ve got the choice between near-term revenue or long-term user happiness, we’ll go with long-term.

Independence Day is coming on July 4th, and that means people will be getting together to light fireworks or watch fireworks shows, and–perhaps most importantly–cook great food.

Though this might seem early with the 4th of July more than a week away, we wanted to make sure everybody had time to figure out their menus and get their supplies ready before the mad rush to the grocery stores. With these apps, you can start planning for the perfect Independence Day feast.

This week’s app collection is all about cooking apps for iOS. The first lets you browse recipes from famous chefs on the Food Network; the second gives you a giant database of recipes and cooking guidance for any time of year; and the third is perfect for planning and cooking outdoors on the barbecue.

Get a quick overview for each recipe to see if it's what you want.

(Credit:
Screenshot by Jason Parker/CNET)

In The Kitchen ($1.99) gives you a database of delicious recipes from all your favorite Food Network chefs. The interface offers a number of ways to find a good recipe, either by using a search tool or by touching the image of a chef from the Food Network.

Browse through thousands of recipes from popular chefs including Bobby Flay, Alton Brown, Paula Deen, Giada De Laurentiis, and Rachael Ray, and get reviews for recipes from other users. Once you decide on a dish, you can have In The Kitchen create a shopping list for you so you can check off ingredients as you walk around the store. The shopping list is particularly helpful because you can add just the items you need or all the items from multiple dishes. Even if you don’t want to make a particular recipe today, you can store favorites in a recipe box so you can get back to them later.

Along with tons of recipes from your favorite Food Network chefs, handy tools for shopping, and a recipe box for your favorites, In The Kitchen offers timers so you don’t even need to set a separate one. With all these features and the addition of special seasonal recipe collections, anyone who wants to add to his or her cooking repertoire should definitely download this app.

The home screen is the perfect launching point for finding the best grilling recipes.

(Credit:
Screenshot by Jason Parker/CNET)

How to Cook Everything ($4.99) is a cooking and recipe app based on New York Times columnist Mark Bittman’s best-selling cookbook, and it offers several easy-to-use tools that will be extremely helpful for your holiday feast.

The interface is very intuitive, with an opening screen that acts as a launching point for whatever you might want to cook. You can browse recipes; learn how to perform specific kitchen duties with kitchen basics; or search for recipes by entering a keyword in the search field. You have additional options when you’re not sure what you want to cook with buttons for Bittman’s picks, most popular recipes, featured recipes, or a selection of easy-to-make quick dinners. There also are buttons across the bottom of the screen for your saved favorites, your shopping list, and more.

How to Cook Everything comes with more than 2,000 recipes, all with Mark Bittman’s guidance and helpful illustrations and techniques. Especially handy are the built-in timers included within recipes that help you easily track each step of the process. You also have the option to show each step of the recipe onscreen, and with a swipe, you can move on to the next step so it’s not as confusing.

Other extras include the ability to quickly print recipes and shopping lists wirelessly over AirPrint; the ability to share what you’re cooking over Twitter and Facebook; and the ability to send up to 10 recipes a month to your friends via e-mail. Best of all, the recipes are embedded within the app so you can use it even without a reliable connection to the Internet.

Overall, How to Cook Everything is an excellent cooking guide and reference whether you’re in the kitchen or standing out by the barbecue. With tons of recipes, illustrations, built-in timers, and other handy tools, this is the app to have to make your kitchen time a success.

There are plenty of great grilling recipes with pictures to browse through.

(Credit:
Screenshot by Jason Parker/CNET)

Weber’s On the Grill ($4.99) takes more than 300 recipes from the company’s popular grilling books and adds some handy tools to make this app an almost perfect grilling companion on your iPhone. Start by picking the type of meat you plan to grill by opening up a large list of recipes with mouth-watering pictures to pique your interest.

From there, you can add the ingredients to an included grocery list that lets check off each ingredient while you shop. When the coals are hot, use your knowledge gained from more than 100 grilling tips and set the included timer so you know your meat will come out perfect. Weber’s On the Grill also comes with a grilling guide for each type of meat so you know approximately how long to cook your steak and when to take that chicken off the grill.

Weber’s On the Grill offers an intuitive interface for finding recipes, big clear pictures of recipes you want to create, and plenty of tips for grilling each type of food. The grocery list feature is a great way to make sure you have all the right ingredients at the store, and you can send the list to someone else (whoever might be doing the shopping) via e-mail. One issue we found is, as you grill, it seems like you should be able to launch the timer straight out of a recipe you’re using rather than having to switch back and forth. In spite of this minor problem, Weber’s On the Grill is definitely a worthy grilling companion for Independence Day BBQing, and I imagine there will be updates to smooth out any rough edges in the future.

Have a better cooking app we should know about? Let us all know in the comments.

From the first moments of its animated opening, which includes an execution, an implied rape, and a graphically slit throat, it’s clear that Gameloft’s BackStab deserves a stronger rating than “12+.” Since when is it OK to expose 12-year-olds to “Frequent/Intense Realistic Violence”?

I guess that’s the world we live in. I know parents who let their 8-year-olds watch violent, R-rated movies, which puzzles me to no end. Anyway, if the name alone didn’t cue you in to BackStab’s modus operandi, now you know. It’s an extremely violent game.

But fun, if you can overlook the bugs. It’s like wandering into the middle of a “Pirates of the Caribbean” movie, but without Jack Sparrow. Instead, you take on the role of British naval officer Henry Blake (guess the Gameloft devs are fans of “MASH”). At least, you start off as an officer, but things go a little off the rails soon into the game. Suffice it to say, the aforementioned opening sequence foreshadows a lot.

"Back to your house, you say? Huh-huh, huh-huh. OK!"

(Credit:
Screenshot by Rick Broida)

If the setting is pure “Pirates,” the gameplay more closely resembles Assassin’s Creed. BackStab’s world is an open one, where you can run around, fight almost constantly, scale walls, jump across rooftops, get stealthy when necessary, and take on various missions (both on the side and to drive the main plot).

You even man the occasional cannon, like in one of the game’s early sequences. This is where BackStab first revealed its highly buggy nature: I sunk all the landing-party boats, but still ended up dying somehow. Turns out the game hadn’t drawn in the huge Spanish ships that were launching those boats. I didn’t even know they were supposed to be there until the level reloaded with them staring me in the face. Yo, Gameloft: I can’t fire at what I can’t see!

Other bugs emerge with the camera angles, the controls, and the world in general (don’t be surprised when in-game characters suddenly disappear). On top of that, BackStab looked pretty chunky on my iPad 1, which is where I chose to play it. (A big screen is all but essential for a game like this–but the app is universal if you’re keen to try it on your iPhone or iPod Touch. It looked a lot better on my iPhone 4, but was much harder to control.)

Bugs and blocky graphics aside, BackStab is hard to put down. The running, climbing, fighting, and laughably buxom female characters add up to an enjoyable experience, at least if you’re into that sort of thing. If Gameloft could fix some of the bugs, it’d have a real winner on its hands.